Cisco CEO: U.S. Should Reform Surveillance Rules

Cisco CEO John Chambers says his company does not enable NSA spying, and that the U.S. government must establish proper policies.

Internet Of Things: 8 Cost-Cutting Ideas For Government

(Click image for larger view and slideshow.)

Cisco faces new questions this week about the NSA's ability to use the company's ubiquitous networking gear to spy on targets. Glenn Greenwald, the journalist whose work with Edward Snowden ignited controversy over NSA policies, claims in a new book that the security agency routinely intercepts and modifies shipments of networking hardware.

Titled "No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State," Greenwald's book does not explicitly mention Cisco, but it includes a purported photo of NSA agents opening boxes stamped with the company's name.

In an interview, Cisco CEO John Chambers spoke critically of overreaching surveillance tactics and said the company does not enable governments to spy on customers.

"Are the products secure? How do you monitor that they haven't been tampered with when they're in your environment? How do you monitor that there are no backdoors?" he said. "We have never given our code to any government in the world, including our own. Everybody asks. We don't do it.

"If you had the capability to crunch code with the processor power coming out right now, you'll find weaknesses. That's why we don't give it to anyone. We fix issues any time we are aware of it," he continued, adding, "We don't aid in any supply chain issues, etc., nor will we ever."

Chambers said Cisco's IoT security strategy is "more than firewalls and antimalware," with security applied end-to-end. He said Cisco's expertise with system architecture will help it to install "security everywhere," and that all of the key software is open source.

Chambers also said surveillance policies need to improve. "Countries must lead. We need rules of the road that say, 'This is what we will not do.' I think our government has to take a much more proactive approach on that, and that's my strong input into both the House and Senate, and the [Obama] administration."

Photo from Glenn Greenwald's book that allegedly shows NSA representatives intercepting and altering Cisco equipment on its way to customers.

In a blog post, Cisco senior VP and general counsel Mark Chandler offered similar sentiments. He noted that the company complies with US laws, which limits where and to whom Cisco can export products. Law-abiding businesses, he said, "ought to be able to count on the government not to interfere with the lawful delivery of our products in the form in which we have manufactured them. To do otherwise, and to violate legitimate privacy rights of individuals and institutions around the world, undermines confidence in our industry."

An NSA spokesperson dismissed Greenwald's new allegations, telling The Wall Street Journal that the NSA itself relies on US technology companies, and that the "US government is as concerned as the public is with the security of these products."

The NSA rep said the agency cannot comment on its intelligence-gathering activities but noted that its interest in any given technology is "driven by the use of that technology by foreign intelligence targets."

The newest NSA controversy didn't put a damper on Cisco's week, however. The company's better-than-expected earnings report prompted an upbeat reaction on Wall Street. Cisco's stock was up as much as 7% as of Thursday afternoon.

Trying to meet today's business technology needs with yesterday's IT organizational structure is like driving a Model T at the Indy 500. Time for a reset. Read our Transformative CIOs Organize For Success report today. (Free registration required.)

Michael Endler joined InformationWeek as an associate editor in 2012. He previously worked in talent representation in the entertainment industry, as a freelance copywriter and photojournalist, and as a teacher. Michael earned a BA in English from Stanford University in 2005 ... View Full Bio

I don't think Cisco has it as bad as the others. Workday came out recently and basically said everything must be done to stop this. Germany changed their IT procurements and wont award some contracts if companies can be compelled to turn over data. We mostly think of the companies in the slides but negative feelings about all US internet companies exist.

One interesting thing the tech industry did last week was set up their own Super PAC. I would not be the least bit suprised if we see them spend unlimited amounts of money on someone who will kill this thing.

This article raises another important question when it comes to the shipment of technology products from the United States. From a customer's perspective, I would expect that the company from which am buying the products takes it upon them to monitor all the stages of the shipment of the said products until they get to me. Granted, the government may have more power than other agencies but still, if they can interfere with the products while on their way to me how sure can I be that other entities too may not try, or be able, to do the same?

@Thomas, good point there. Cisco, and any other manufacturers of technology products within the United States for that matter, is practically toothless when it comes to stopping the government from leveraging its products for use in intelligence gathering. The laws regarding such activities are vague at best and even though the company's policies may explicitly renounce such measures, they really don't have any recourse other than comply when the government says otherwise.

To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.

IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.

Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."